Network Security Library

Linux





The Role of Bastille Linux in Information Security
Over the last 15 years, Linux has evolved from one man’s hobby into a very robust and capable operating system (OS). Today, Linux is being used around the world in a wide variety of applications in businesses, academia, and industry. In addition to being a powerful general purpose Unix clone, Linux provides a cost efficient means to implement a wide range of computer security related functions including security auditing, computer forensics, intrusion detection, firewalling, routing, and vulnerability scanning. The concept of “Defense in Depth” relies upon each of these essential functions to provide a layered security solution. Since the operating system is the underlying framework on which all of these applications operate, it is imperative that it be as secure as possible. In this paper, I will briefly examine the evolution of Linux, discuss its popularity, and examine in detail Bastille Linux, which is used to increase the security of RedHat and Mandrake Linux distributions.
04/15/2004


Aggressive Patching and the Use of a Standard Build: An OpenBSD Example
This paper starts with a brief general discussion of the importance of a standard build and defines Aggressive Patching as a vital part of defense in depth. It then goes on to demonstrate how to implement Aggressive Patching by creating a Standard Build internet server farm and support structures that allow for automated patching and rapid deployment of hardened servers. The general part of this paper is intended for anyone in the IT field who is interested in security in depth. The more hands-on part is aimed at System Administrators with some Unix background working for small to medium sized companies with an active internet presence. The system detailed in the pages below has been successfully deployed in a small ISP and a medium sized virtual web hosting company. My hope is that while this is OpenBSD specific, it can work as something of a general model for small to medium sized businesses to use.
04/15/2004


Using Linux Scripts to Monitor Security
This paper will show how to use basic Linux scripting to create a reusable network security monitor that is easy to use and easy to maintain. The purpose of this exercise is introduced with suggestions where it might be useful. Linux commands are discussed, along with techniques to automate them and interpret their results. Methods for turning these scripts into a generic, reusable tool that is easy to maintain are demonstrated, along with further suggestions for enhancing this tool. Various examples are given to show how these techniques can be applied to various security requirements. The full script including all the examples and the complete output are given at the end of the paper, along with a list of references. This should be enough information for security professionals to start creating their own generic reusable Linux scripts within their own collection of personal tools.
04/15/2004


Linux RootKits For Beginners - From Prevention to Removal
One day while reading a mail list for the Linux Users Group in my hometown I discovered a call for help. It was a posting from a novice Linux user with a disturbing issue. While doing some routine checks on a Linux system, he found a user that had been added to the system with the user id of 0 (root). His first thought was that it might be a rootkit. He wanted to know what he could do to verify it was a rootkit and how to remove it from the system. He further asked for suggestions on preventative measures to ensure this kind of attack does not reoccur. That situation prompted me to write this paper to provide an understanding of rootkits and their effects. This paper will also discuss how to monitor for a rootkit, and the steps that need to be taken to remove one.
04/15/2004


Secure OS Environments for Linux
In this paper I make a review of the main set of tools and resources available for Linux system administrators willing to build an operating system with enhanced security features that allow applications to run securely in a network accessible from the Internet. I have summarized the state of the art in this subject by offering an overview of the tools, compiling the most useful references and classifying them accordingly. The ultimate goal of the paper is to make more affordable the initial work for anyone interested in this topic.
04/15/2004


Linux Process Containment - A practical look at chroot and User Mode
Process containment has been used for quite a long time in the computing world for the use of testing beta software and increasing the security of a process. Containing a process, which is commonly known as “jailing” a process, removes a process from the full system and stops activity inside of the container from affecting anything outside the container. There are several jailing tools available, but this paper will discuss two tools available as part of all major Linux distributions: chroot, and User-mode Linux. This document will explore some of the general ideas of how process containment is performed with chroot and User-mode Linux, and how to help ensure that a successful attack on a jailed process does not affect the main system. The benefits of each tool are contrasted, and in conclusion it is shown that neither tool is best for containing all processes for all environments individually, but rather the tools can complement each other to add even more security.
04/15/2004


Step by Step Installation of a Secure Linux Web, DNS and Mail Server
This paper will show how the author configured a Linux based web and e-mail server for a small company. This server is co-located at a local ISP. Because of budget limitations, the company can only locate one physical box at the ISP, which limits what security measures can be installed. The author will seek to explain the choices made. The paper will include instructions on how to build a secure web and email server with an emphasis on two key security areas: keeping crackers out, and detecting any signs of cracker activity and limiting the changes a cracker can make. This document expects the reader to have a good understanding of installing Linux and the various tools included for text editing, configuration etc.
04/15/2004


How-To Make Linux System Auditing a Little Easier
In this paper I will talk about the various programs and utilities that can be used to audit your Linux system and how to put them all together in one script to make daily system auditing a little easier. Auditing your system and network covers an important aspect of security: detection. It is your last line of defense. It is crucial that you have in place a means of determining the state of your system and to detect unauthorized logins and system changes. To accomplish this there are several programs and utilities that are made available, but using them all on a daily basis and over a period of time can be an overwhelming task if you don’t design a good strategy. The design must be simple enough, yet effective, so that it can be used regularly and over a long period of time.
03/24/2004


FOCUS on Linux: Securing Linux Pt. II
Part I of this article focused on basic methods to secure a default Linux installation. Aside from SSH, no additional software was installed on the machine to increase security. This article will examine some additional tools that can be installed to increase the overall security posture of a Linux system.
03/22/2004


FOCUS on Linux: Securing Linux Part One
The purpose of this paper is to describe necessary measures that should be taken in order to secure a default Linux installation. Most default installations of Linux are grossly insecure. This paper focuses on methods that can be used not only to secure a machine with a high degree of confidence, but still allow your users to be able to accomplish their work.
03/22/2004






Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
